On 8/19/13 7:08 PM, Andre Oppermann wrote:
Author: andre
Date: Mon Aug 19 11:08:36 2013
New Revision: 254519
URL: http://svnweb.freebsd.org/changeset/base/254519
Log:
Move the global M_SKIP_FIREWALL mbuf flags to a protocol layer specific
flag instead. The flag is only used within the IP and IPv6 layer 3
protocols.
weeeeelllll, "maybe"
Layer 2 usage of ipfw could make use of this flag as well.
Cisco were using L2 ipfw some years back. I don't know if this affects
them at all.
Because some firewall packages treat IPv4 and IPv6 packets the same,
the flag should have the same value for both.
Discussed with: trociny, glebius
Modified:
head/sys/netinet/ip_var.h
head/sys/netinet6/ip6_var.h
head/sys/sys/mbuf.h
Modified: head/sys/netinet/ip_var.h
==============================================================================
--- head/sys/netinet/ip_var.h Mon Aug 19 10:34:10 2013 (r254518)
+++ head/sys/netinet/ip_var.h Mon Aug 19 11:08:36 2013 (r254519)
@@ -163,10 +163,12 @@ void kmod_ipstat_dec(int statnum);
#define IP_ALLOWBROADCAST SO_BROADCAST /* 0x20 can send broadcast
packets */
/*
- * mbuf flag used by ip_fastfwd
+ * IPv4 protocol layer specific mbuf flags.
*/
#define M_FASTFWD_OURS M_PROTO1 /* changed dst to local
*/
#define M_IP_NEXTHOP M_PROTO2 /* explicit ip nexthop
*/
+#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall
processing,
+ keep in sync with IP6 */
#define M_IP_FRAG M_PROTO4 /* fragment reassembly
*/
#ifdef __NO_STRICT_ALIGNMENT
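Review bot: With `M_SKIP_FIREWALL` now aliased to `M_PROTO3`, the firewall-bypass decision rides on a bit that other protocol layers may use for their own purposes, and nothing visible in this commit clears that bit before an mbuf enters the IP input or output path. If a lower layer or an encapsulation path left M_PROTO3 set, the packet would presumably skip firewall processing without any firewall code having requested it. The comment on the new define should state the invariant, e.g. `/* skip firewall processing; must be cleared when the mbuf crosses into or out of the IP layer; keep in sync with IP6 */`, and the places that hand mbufs to the IP layer should be audited against it. The same applies to the identical define added in ip6_var.h.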
Modified: head/sys/netinet6/ip6_var.h
==============================================================================
--- head/sys/netinet6/ip6_var.h Mon Aug 19 10:34:10 2013 (r254518)
+++ head/sys/netinet6/ip6_var.h Mon Aug 19 11:08:36 2013 (r254519)
@@ -293,7 +293,12 @@ struct ip6aux {
#define IPV6_FORWARDING 0x02 /* most of IPv6 header exists */
#define IPV6_MINMTU 0x04 /* use minimum MTU
(IPV6_USE_MIN_MTU) */
-#define M_IP6_NEXTHOP M_PROTO7 /* explicit ip nexthop */
+/*
+ * IPv6 protocol layer specific mbuf flags.
+ */
+#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip nexthop
*/
+#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall
processing,
+ keep in sync with IPv4 */
#ifdef __NO_STRICT_ALIGNMENT
#define IP6_HDR_ALIGNED_P(ip) 1
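Review bot: `M_IP6_NEXTHOP` is renumbered from `M_PROTO7` to `M_PROTO2` in this hunk, which the log message does not mention, and it now shares its bit with `M_IP_NEXTHOP` in ip_var.h. If that is intended, the comment should say so, e.g. `/* explicit ip nexthop, same bit as M_IP_NEXTHOP */`. Separately, `M_SKIP_FIREWALL` is now defined in both ip_var.h and ip6_var.h, so "keep in sync" is enforced only by a redefinition diagnostic in translation units that happen to include both headers. A single shared definition would make the equal-value requirement structural rather than advisory.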
Modified: head/sys/sys/mbuf.h
==============================================================================
--- head/sys/sys/mbuf.h Mon Aug 19 10:34:10 2013 (r254518)
+++ head/sys/sys/mbuf.h Mon Aug 19 11:08:36 2013 (r254519)
@@ -196,7 +196,7 @@ struct mbuf {
#define M_FRAG 0x00000800 /* packet is a fragment of a larger
packet */
#define M_FIRSTFRAG 0x00001000 /* packet is first fragment */
#define M_LASTFRAG 0x00002000 /* packet is last fragment */
-#define M_SKIP_FIREWALL 0x00004000 /* skip firewall processing */
+ /* 0x00004000 free */
/* 0x00008000 free */
#define M_VLANTAG 0x00010000 /* ether_vtag is valid */
#define M_PROMISC 0x00020000 /* packet was not for us */
@@ -253,7 +253,7 @@ struct mbuf {
* Flags preserved when copying m_pkthdr.
*/
#define M_COPYFLAGS \
- (M_PKTHDR|M_EOR|M_RDONLY|M_PROTOFLAGS|M_SKIP_FIREWALL|M_BCAST|M_MCAST|\
+ (M_PKTHDR|M_EOR|M_RDONLY|M_PROTOFLAGS|M_BCAST|M_MCAST|\
M_FRAG|M_FIRSTFRAG|M_LASTFRAG|M_VLANTAG|M_PROMISC|M_HASHTYPEBITS)
/*
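Review bot: Dropping `M_SKIP_FIREWALL` from `M_COPYFLAGS` makes the flag's copy behaviour implicit, because it is now preserved on a copied packet header only if `M_PROTOFLAGS` (defined outside this hunk) includes `M_PROTO3`. This bit decides whether a duplicated packet bypasses the firewall, so the comment above the macro should record that, for example by adding the line ` * M_SKIP_FIREWALL (M_PROTO3) is carried via M_PROTOFLAGS.`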